Get Ready to Kiss Passwords Goodbye
Prepare to bid farewell to passwords! For decades, passwords have been necessary for secure interaction with technology. However, whether you’re an end user, IT professional, or business owner, passwords have caused numerous issues, such as forgetfulness, burdened password resets, password reuse, and susceptibility to phishing scams. It’s become evident that the only way to eliminate these problems is to eliminate passwords entirely. Fortunately, passkeys are rapidly replacing passwords, with Apple’s roll-out of the technology in its iOS 16 and macOS Ventura providing a significant boost.
So what exactly are passkeys? Passkeys use the secure element in laptops, mobile phones, and FIDO2 security keys to store cryptographic secrets. Unlike current passwordless solutions, passkeys utilize the mobile devices you already have, making it simpler for people to adopt them. They also replace both passwords and multi-factor authentication apps, combining multiple factors into a single flow. Passkeys are immune to phishing because your device only provides credentials that match the URL exactly. Passkeys are also unique for each website you visit, making reuse impossible.
Implementing passkeys is relatively straightforward, especially for applications that utilize Single Sign-On (SSO) to your centralized identity provider. However, a plan is necessary to ensure successful and user-friendly implementation. Considerations should be made for user training and support, whether to enroll phones, laptops, or both, and whether USB security keys are necessary for privileged/admin users. Technology considerations include target applications, device operating systems, and legacy devices, while process considerations include onboarding, managing subcontractors and managed service providers, temporary options, and lost devices.
Big tech leaders such as Apple, Google, and Microsoft are working together to make passkeys standard across their ecosystems, which should make the adoption process smoother. At CyberCX, we’re already working with organizations to prepare for this shift and can help you do the same.